User accounts made easy with Azure

One of the most common requirements for web applications is for users to create accounts for the purpose of access control and personalization. While ASP.NET templates have always made it easy to create an application that uses a database you control to register and track user accounts, that introduces other complications over the long term. As laws around user information get stricter and security becomes more important, maintaining a database of users and passwords comes with an increasing set of maintenance and regulatory challenges.

A few weeks ago I tried out the new Azure Active Directory B2C service, and was really impressed with how easy it was to use. It added user identity and access control to my app, while moving all the responsibility for signing users up, authenticating them, and maintaining the account database to Azure (and it’s free to develop with).

In this post I’ll briefly walk through how to get up and running with Azure B2C in a new ASP.NET Core app. It’s worth noting it works just as well with ASP.NET apps on the .NET Framework with slightly different steps (see walkthrough). I’ll then include some resources that will help you with more complex scenarios including authenticating against a backend Web API.

Choose all of the information you want to know about the user under “Sign-up attributes”

Indicate all the information you want passed to your application under “Application Claims” (note: the default template uses the “Display Name” attribute in the navigation bar so you will want to include that)

Note: After you create each policy, you’ll be taken back to the tab for that policy type which will show you the full name of the policy you just created, which will be in the form “B2C_1_<name_you_entered>”. You’ll need these names below when creating your project.

Note: You’ll get the “Reply URL” in the next step when you create the new project.

Step 2: Create the Project in Visual Studio

File -> New Project -> Visual C# -> ASP.NET Core Web Application

On the New ASP.NET dialog, click the “Change Authentication” button on the right side of the dialog

Choose “Individual User Accounts”

Change the dropdown in the top right to “Connect to an existing user store in the cloud”

Fill in the required information from the B2C Tenant you created in the Azure portal previously

Copy the “Reply URI” from the “Change Authentication” dialog and enter it into the application properties for the app you previously created in your B2C tenant in the Azure portal.

Click OK

Step 3: Try it out

Now run your application (Ctrl+F5), and click “Sign in” in the top right:

You’ll be navigated to Azure’s B2C sign-in/sign-up page:

The first time, click “Sign up now” at the bottom to create your account. Once your account is created, you’ll be redirected back to your app and you’re now signed in. It’s as easy as that.

Additional Resources

The walkthrough above provided a quick overview of how to get started with Azure B2C and ASP.NET Core. If you are interested in exploring further or using Azure B2C in a different context, here are a few resources that you may find useful:

ASP.NET Core GitHub sample: This sample demonstrates how to use a web front end to authenticate, and then obtain a token to authenticate against a backend Web API.

If you are looking to add support to an existing app, you may find it easiest to create a new project in Visual Studio and copy and paste the relevant code into your existing application. You can of course use code from the GitHub samples mentioned above as well.

Conclusion

Hopefully you found this short overview of Azure B2C interesting. Authentication is often much more complex than the simple scenario we covered here, and there is no single “one size fits all”, so it should be pointed out that there are many alternative options, including third-party and open source options. As always, feel free to let me know what you think in the comments section below, or via Twitter.

Join the conversation

As always, the demo is very straightforward. Now could we have an example of adding the B2C plumbing to an existing web app? In a previous life I had to integrate ADFS with our legacy app, while maintaining the existing user database etc. It didn’t help that you removed FedUtil from the tools, so I had to build a dummy app, connected to ADFS, and copy across configuration and code to our app, not fun.

Cool Thanks, I’ll check that out.
By the way, when I say “existing web app” I meant a Line-of-business app, been around for years, based on WebForms.
MVC is ok, but I still like (and use) Webforms. It’s a shame you’re not moving them forward, after all the effort that has gone into their development.

Thank you for this! My first delve into authorisation using Azure 🙂 … setup seems straightforward, and I can test the authorisation online ok through the portal but my app (created as per the demo above) doesn’t authorise. I can see the request go off to https://login.microsoftonline.com/…. with a 200 status code, no opportunity to sign in and returns immediately to the app, with no apparent authorisation.. the “sign in” link is still present on the web page. I can’t see any errors reported or sign-in events in the portal. If you have any ideas I’d be very grateful!

Hello, I am having trouble with the part: “Copy the “Reply URI” from the “Change Authentication” dialog and enter it into the application properties for the app you previously created in your B2C tenant in the Azure portal.” I’m not seeing where to enter this information in the application properties.